diff --git a/mod/forum/search.php b/mod/forum/search.php
index 6fb0fd1ff6774..6f6bd3bd0ffdb 100644
--- a/mod/forum/search.php
+++ b/mod/forum/search.php
@@ -9,14 +9,14 @@
 $perpage = optional_param('perpage', 10, PARAM_INT); // how many per page
 $showform = optional_param('showform', 0, PARAM_INT); // Just show the form
- $user = stripslashes(trim(optional_param('user', '', PARAM_NOTAGS))); // Names to search for
+ $user = trim(optional_param('user', '', PARAM_NOTAGS)); // Names to search for
 $userid = trim(optional_param('userid', 0, PARAM_INT)); // UserID to search for
 $forumid = trim(optional_param('forumid', 0, PARAM_INT)); // ForumID to search for
- $subject = stripslashes(trim(optional_param('subject', '', PARAM_NOTAGS))); // Subject
- $phrase = stripslashes(trim(optional_param('phrase', '', PARAM_NOTAGS))); // Phrase
- $words = stripslashes(trim(optional_param('words', '', PARAM_NOTAGS))); // Words
- $fullwords = stripslashes(trim(optional_param('fullwords', '', PARAM_NOTAGS))); // Whole words
- $notwords = stripslashes(trim(optional_param('notwords', '', PARAM_NOTAGS))); // Words we don't want
+ $subject = trim(optional_param('subject', '', PARAM_NOTAGS)); // Subject
+ $phrase = trim(optional_param('phrase', '', PARAM_NOTAGS)); // Phrase
+ $words = trim(optional_param('words', '', PARAM_NOTAGS)); // Words
+ $fullwords = trim(optional_param('fullwords', '', PARAM_NOTAGS)); // Whole words
+ $notwords = trim(optional_param('notwords', '', PARAM_NOTAGS)); // Words we don't want
 $timefromrestrict = optional_param('timefromrestrict', 0, PARAM_INT); // Use starting date
 $fromday = optional_param('fromday', 0, PARAM_INT); // Starting date
@@ -119,7 +119,7 @@ print_header_simple("$strsearchresults", "", "id\">$strforums -> - id\">$strsearch -> ".s($search), 'search.words', + id\">$strsearch -> ".s($search, true), 'search.words', "", "", " ", navmenu($course)); print_heading(get_string("nopostscontaining", "forum", $search));
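Review bot: With `stripslashes()` gone from `$user`, `$subject`, `$phrase`, `$words`, `$fullwords` and `$notwords`, these variables hold whatever escaping state `optional_param()` returns, and nothing at the declarations says which state later code may assume. `PARAM_NOTAGS`, going by its name, only removes markup, so it should not be relied on to make the values safe for a query or for an HTML attribute. I would add a comment above the group, e.g. `// Kept exactly as optional_param() returns them: use the DB layer's escaping/binding for SQL, and strip + s() only when printing`. The code that consumes these variables is outside the hunk, so how they reach the search query should be confirmed there.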
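Review bot: `print_heading(get_string("nopostscontaining", "forum", $search));` at the end of this hunk still receives `$search` without `s()`, while the breadcrumb just above it now goes through `s($search, true)`. Unless `print_heading()` escapes its argument (not visible here), the heading shows the term in a different escaping state than the breadcrumb, and quotes or ampersands in the term reach the page unencoded. I would change it to `print_heading(get_string("nopostscontaining", "forum", s($search, true)));`. The hunk at line 135 makes the same `s($search, true)` change, and the output calls around it should get the same check.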
@@ -135,7 +135,7 @@ print_header_simple("$strsearchresults", "", "id\">$strforums -> - id\">$strsearch -> ".s($search), '', + id\">$strsearch -> ".s($search, true), '', "", "", $searchform, navmenu($course)); echo '